As the world becomes increasingly digital, and digitally connected, cyber security continues to grow in importance. In today's world, cyber security is unfortunately asymmetric—and it favors the attacker. One fundamental aspect of the asymmetry today is the inherent “break once, run many” nature of contemporary systems.
Today's cybersecurity environment is stymied by asymmetric economics of this “break once, run anywhere” nature. This ‘break once, run many’ nature makes the economics of cyber-attacks significantly favor the attacker. The effort applied to find and develop and exploit can be leveraged across a large number of targets. Once a vulnerability is found and exploited, it can often be run on millions if not billions of computers. Often times these attacks can be launched remotely from anywhere in the world. To make a cyber-attack worthwhile, the only remaining question is the value of the targeted data or systems.
Malware, or malicious software, is often linked to cyber-attacks. Cyber attackers often take advantage of vulnerabilities in computer programs, and are thus able to infect, damage and often disable the programs with computer viruses, malware and other malicious code. It is worthwhile for attackers to spend significant time engineering malware, and in particular to create viruses that can bypass or otherwise evade traditional cybersecurity defenses like anti-virus, firewalls, and security analytics packages.
One common set of techniques for writing malware uses approaches like return oriented programming (ROP) and jump oriented programming (JOP) to literally trick the target into behaving the way the attacker desires. In essence, the victim becomes the virus. Malware based on these techniques can be extremely hard to detect, and as a result, many “Zero Day” malware attacks are based on these techniques.
Fundamentally, malware based on these techniques requires knowledge of the target system. In simple terms, in order to ‘trick’ the victim into becoming the virus, the attacker needs to know very specific details about the victim, including but not limited to, the specific binary instructions used by the victim program.
Prior to the present invention, the state of the art to defend against ROP/JOP style attacks was address space layout randomization (ASLR). The goal of this approach is to randomly move binaries into different memory locations, making it more difficult for attackers to know where to find the code needed to create the virus. This approach, while worthwhile, is fairly easy to work around—simply figuring out one number (e.g. a single memory address) is often sufficient to completely defeat ASLR defenses.
There is therefore a long-felt, significant and unmet need in the art for improved methods and systems for preventing and disabling the unwanted effects of malware. As long as targets remain static, attackers will be able to exploit vulnerabilities economically. It is not sufficient to just move binaries around, the binaries themselves need to be different across systems.